#!/bin/bash

set -o errexit
set -o xtrace

test_dir=$(realpath $(dirname $0))
. ${test_dir}/../functions

function jq_filter() {
    local vault_root=$1
    jq -r "[ .[] | .=\"'$vault_root/\"+.+\"'\" ] | join(\", \")"
}

main() {
    create_infra $namespace
    kubectl_bin apply -f $conf_dir/cloud-secret.yml

    vault1="vault-service-1-${RANDOM}"
    protocol="https"
    start_vault $vault1 $protocol
    token1=$(jq -r ".root_token" <"$tmp_dir/$vault1")
    ip1="$protocol://$vault1.$vault1.svc.cluster.local"

    cluster="some-name"
    spinup_pxc "$cluster" "$conf_dir/$cluster.yml"
    keyring_plugin_must_be_in_use "$cluster"
    table_must_be_encrypted "$cluster" "myApp"

    run_backup         "$cluster" "on-demand-backup-pvc"
    run_recovery_check "$cluster" "on-demand-backup-pvc"
    check_pvc_md5
    table_must_be_encrypted "$cluster" "myApp"
    keyring_plugin_must_be_in_use "$cluster"
    
    run_backup         "$cluster" "on-demand-backup-aws-s3"
    run_recovery_check "$cluster" "on-demand-backup-aws-s3"
    table_must_be_encrypted "$cluster" "myApp"
    keyring_plugin_must_be_in_use "$cluster"
    
    mountpt=$(kubectl_bin get -f "$conf_dir/vault-secret.yaml" -o json | egrep -o "secret_mount_point = \w+" | awk -F "=[ ]*" '{print $2}')
    transition_keys=$(kubectl_bin exec --namespace="$vault1" -it $vault1-0 -- sh -c "
        VAULT_TOKEN=$token1 vault kv list -format=json $mountpt/backup/" \
            | jq_filter "$mountpt/backup/")

    vault2="vault-service-2-${RANDOM}"
    start_vault $vault2 $protocol
    token2=$(jq -r ".root_token" <"$tmp_dir/$vault2")
    ip2="$protocol://$vault2.$vault2.svc.cluster.local"

    kubectl_bin run -i --tty vault-cp --image=perconalab/vault-cp:latest --restart=Never -- sh -c "
        sed -i 's/token=cfg.old_token)/token=cfg.old_token, verify=False)/' /src/vault-cp.py \
        && sed -i 's/token=cfg.new_token)/token=cfg.new_token, verify=False)/' /src/vault-cp.py \
        && echo \"
old_url = '$ip1:8200'
old_token = '$token1'
new_url = '$ip2:8200'
new_token = '$token2'
secrets = [ $transition_keys ]
\" > /src/config.py
    python3 /src/vault-cp.py
    "

    run_recovery_check "$cluster" "on-demand-backup-pvc"
    table_must_be_encrypted "$cluster" "myApp"
    keyring_plugin_must_be_in_use "$cluster"

    run_recovery_check "$cluster" "on-demand-backup-aws-s3"
    table_must_be_encrypted "$cluster" "myApp"
    keyring_plugin_must_be_in_use "$cluster"

    for i in $vault1 $vault2; do
        helm delete $i || :
        kubectl_bin delete --grace-period=0 --force=true namespace $i &
    done

    destroy $namespace
}

main
